Posts Tagged PPTP

PPTP Server on Ubuntu Server

An easy way to configure a PPTP server on Ubuntu Server 12.04.

First, install PPTP server:

sudo apt-get install pptpd

Configuring the PPTPD server

Now, edit /etc/pptpd.conf

You need to edit the localip and remoteip lines to match your network. In pptpd.conf the option name and its value are separated by whitespace, not by an equals sign.

Ideally, specify local and remote IP addresses that are on your network but outside your DHCP range.

Example: I’m using 10.0.1.x addresses on my LAN, with subnet mask 255.255.255.0. I could easily use the following:

localip 10.0.2.1
remoteip 10.0.2.100-199

(Any IP ranges over MAX_CONNECTIONS (100) are ignored.)

Note that although 10.0.2.x is technically outside my subnet, I can use it.

Next, edit /etc/ppp/chap-secrets

Specify username/password combinations in the form:

username * password *

Edit /etc/ppp/pptpd-options and uncomment the ms-dns lines and add valid nameservers. Use your ISP’s nameservers, Google’s nameservers, OpenDNS nameservers, or whichever.

If you are running your pptpd server on a hosted VPS, also comment out the proxyarp directive.

Configuring the firewall:

Now, enter the following at the command line to set firewall rules to allow connections:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT

If you are going to be routing all traffic through the VPN, also do the following few steps:

iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

and edit the /etc/sysctl.conf file and uncomment (or add):

net.ipv4.ip_forward=1

Refresh sysctl by doing:

sysctl -p

Finally, restart the pptpd server

service pptpd restart
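
A post-setup check for the files edited above, as an added example that is not part of the original post: it flags a chap-secrets file that other users can read (the secrets are stored in plaintext), short secrets, and entries whose address column is *, and it confirms that pptpd-options still requires MS-CHAPv2 with 128-bit MPPE and has an active ms-dns line. The function names, the 0600 mode, the 12-character minimum and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the two PPP files this guide edits (Linux, GNU/BusyBox stat).
# The 0600 mode and the 12-character minimum are this example's assumptions.

audit_chap_secrets() {   # $1 = path to a chap-secrets file
    mode=$(stat -c '%a' "$1")
    [ "$mode" = "600" ] || echo "PERM mode $mode, expected 600"
    # Fields: client server secret addresses. The secret is never printed.
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        NF < 3               { print "SYNTAX line " NR; next }
        length($3) < 12      { print "WEAK " $1 ": secret under 12 characters" }
        $4 == "*"            { print "ANYADDR " $1 ": any tunnel address accepted" }
    ' "$1"
}

audit_ppp_options() {    # $1 = path to a pptpd-options file
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" || echo "MISSING $opt"
    done
    grep -Eq '^[[:space:]]*ms-dns[[:space:]]+[0-9]' "$1" || echo "MISSING ms-dns"
    return 0
}

# Constructed sample files, not taken from a real server.
dir=$(mktemp -d)
printf '%s\n' '# client server secret addresses' \
    'alice * hunter2 *' \
    'bob * correct-horse-battery 10.0.2.150' > "$dir/chap-secrets"
chmod 644 "$dir/chap-secrets"
printf '%s\n' 'name pptpd' 'refuse-pap' 'refuse-chap' 'refuse-mschap' \
    'require-mschap-v2' '#require-mppe-128' '#ms-dns 10.0.0.1' \
    > "$dir/pptpd-options"

audit_chap_secrets "$dir/chap-secrets"
audit_ppp_options "$dir/pptpd-options"
```

On a real server, run both functions as root against /etc/ppp/chap-secrets and /etc/ppp/pptpd-options; no output means every check passed.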

PPTP VPN Connection to Synology NAS on Windows 7

I previously wrote a post about connecting to a Synology NAS VPN server using OpenVPN. Although OpenVPN is more secure, it does involve installing software and can be a bit tricky to set up.

The Synology NAS VPN server also supports PPTP VPN connections, which Windows 7 (as well as other operating systems) supports natively, without the need to install software. It’s much easier to set up and get going.

Here’s how to do it:

Assuming that you already have the VPN Server package installed and running, go to VPN Server and make sure your PPTP VPN is enabled.

Also go to Privilege and make sure your user has permission to connect.

Lastly, make sure TCP port 1723 is forwarded to your NAS.

Setting up Windows 7

Click Start > Control Panel > Network and Sharing Center (view by large or small icons) and click Set up a new connection or network.

Click Connect to a workplace.

If you are prompted, click “No, create a new connection”.

Select “Use My Internet Connection (VPN)”.

In the next screen, enter the IP address or hostname of your Synology NAS.

In the next screen, you can enter your username and password and click Connect.

Your PPTP connection is now set up. You can access it from your network connections menu.

Deciding whether to route all traffic through the VPN connection

By default, the PPTP link will route all traffic. This is good if you’re using your VPN session as a routing point to encrypt all your traffic. However, if you decide you do not want all traffic routed through the VPN, but only non-public Internet traffic, change your settings as follows (Windows 7):

Click Start > Control Panel > Network and Sharing Center > Change Adapter Settings

Right-click on your PPTP configuration and click Properties.

Click the Networking tab.

For both IPv6 and IPv4, do the following:

Click Properties.

Under the General tab, click Advanced.

To route all traffic through the VPN link, check the Use default gateway on remote network box.

To route only non-public Internet traffic, uncheck the box.

Questions or comments, please leave a comment below. Thank you!


Set up an encrypted VPN using DD-WRT

DD-WRT is a feature-rich alternative firmware for a large number of home router models. It adds a wonderful array of new features, VPN being one of them. This walkthrough will show you how to quickly and easily configure a PPTP VPN server on your DD-WRT-powered router, so you can connect to your home network from afar, create a secure tunnel so you can safely use a public Wi-Fi point with your laptop, or secure your iOS or Android device.

Setting up the VPN Server

So here’s how to get started. First, you’ll need a build of DD-WRT supported by your router which includes the VPN software. If you’re doing this on an Internet connection which has an IP address that changes periodically (i.e. residential), you’ll likely want a free DynDNS hostname to point to your IP address. You’ll also need a basic familiarity with networking.

For the remainder of this guide, I will assume your router’s internal (LAN) IP address is 192.168.1.1.

Start by going to http://192.168.1.1 and log in to your router’s administration panel.

Go to Services > VPN and set PPTP Server to enable. After doing that, a few new options will appear. The only ones you need to set are Server IP, Client IP(s), and CHAP Secrets. Set them as follows:

Server IP: You can set this to your router’s LAN IP, i.e. 192.168.1.1

Client IPs: Set this to an IP range OUTSIDE your DHCP range (see Setup > Basic Setup to find your DHCP range). A good example value would be 192.168.1.200-250, so that clients receive addresses within that range.

CHAP Secrets: These are the username/password combinations for your VPN clients. The format is:
username * password *
Example:
myname * mypassword *

Neither the username nor the password can contain spaces, and both must be all lowercase.

You’re done with this page; click Apply Settings.

Now go to Security > VPN Passthrough and make sure PPTP is set to Enabled. Click Apply Settings if you had to change the setting.

You should now be able to connect to your VPN using your Windows, Mac, or Linux computer by setting up a PPTP connection to your public (WAN) IP or hostname.
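
Both server guides on this page say to keep the client range outside the DHCP pool, and the Ubuntu guide notes the limit of 100 connections; the added example below (not part of the original posts) checks a range written in the a.b.c.X-Y shorthand against both. The function names and the DHCP pools used in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a PPTP client range written in this page's shorthand.

ip_to_int() {            # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_range RANGE DHCP_FIRST DHCP_LAST [MAX]
#   RANGE  e.g. 192.168.1.200-250 (prefix plus last-octet span)
#   MAX    connection limit, 100 as stated for pptpd on this page
# Returns 0 if usable as is, 1 on overlap or truncation, 2 if malformed.
check_range() {
    prefix=${1%.*}; span=${1##*.}
    case "$span" in ''|*[!0-9-]*|-*|*-|*-*-*) echo "INVALID $1"; return 2 ;; esac
    lo=${span%-*}; hi=${span#*-}
    if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 254 ]; then
        echo "INVALID $1"; return 2
    fi
    first=$(ip_to_int "$prefix.$lo"); last=$(ip_to_int "$prefix.$hi")
    dhcp_first=$(ip_to_int "$2");     dhcp_last=$(ip_to_int "$3")
    count=$(( last - first + 1 )); max=${4:-100}; status=0
    # Two closed intervals intersect when each starts before the other ends.
    if [ "$first" -le "$dhcp_last" ] && [ "$last" -ge "$dhcp_first" ]; then
        echo "OVERLAP $1 intersects DHCP pool $2-$3"; status=1
    fi
    if [ "$count" -gt "$max" ]; then
        echo "TRUNCATED $count addresses given, limit is $max"; status=1
    fi
    [ "$status" -ne 0 ] || echo "OK $1 ($count addresses)"
    return "$status"
}

# Ranges from this page; the DHCP pools are constructed for the demo.
check_range 192.168.1.200-250 192.168.1.100 192.168.1.149 || :
check_range 10.0.2.100-199    10.0.1.100    10.0.1.199    || :
check_range 192.168.1.140-160 192.168.1.100 192.168.1.149 || :
check_range 10.0.2.50-199     10.0.1.100    10.0.1.199    || :
```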

Troubleshooting

Can’t get connected? First, try setting up your connection to the router itself, using the LAN IP (192.168.1.1). If that works, then the VPN server is set up correctly; the problem is likely on the WAN side. Keep reading for suggestions. If you weren’t able to get connected, go back to the top and double-check your settings.

iOS-Specific changes

You may need to make the following settings adjustment if you are having trouble connecting specifically from your iOS device running iOS 4.3 or above. Go to Administration > Commands and paste the following in the box. Click Save Startup.

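#!/bin/sh
# Turn off PPP protocol-field and address/control-field compression
echo "nopcomp" >> /tmp/pptpd/options.pptpd
echo "noaccomp" >> /tmp/pptpd/options.pptpd
# Stop the running daemon; [p] keeps grep from matching itself and
# awk copes with the space-padded PID column that cut would miss
kill `ps | grep '[p]ptp' | awk '{print $1}'`
# Start pptpd again with the updated options file
pptpd -c /tmp/pptpd/pptpd.conf -o /tmp/pptpd/options.pptpd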

(Source: DD-WRT Wiki)

If you can connect from the LAN side, but are still having trouble connecting from the WAN side, it’s likely your ISP or your gateway device (modem) is blocking the needed GRE protocol or the needed PPTP port or traffic. Contact your ISP for further assistance.

Do you have any experience or tips to share regarding VPN connections to a DD-WRT-powered router, or any suggestions in addition to the above? Please feel free to share them in the comments below. Thank you!
